  1. #1
    eean

    Split-Site School - What's the best way to set up the network?

    Hi,
    We are a split site school (primary school and secondary school - 10k distance). There is a VPN link (leased line) connection between the two for SIMS and the connection to the internet at the secondary site. The link is not fantastically fast or reliable (we're overseas). Currently, there are a number of domains on each site. This causes problems with duplicating work, and some (admin, mainly) staff work on both sites.

    So it would be better to have one domain.
    I understand that this is possible with active directory sites. Do we just have a subnet for each site then use that?
    Replication - is it bandwidth hungry?
    What happens when the link is down? Can we make it so that most services are replicated across each site?
    What happens when the link returns? Will windows figure everything out? (How clever is it? Hypothetically: if a user has changed their password at each site while the link is down, how does it know which to use?)
    Does it actually work?!

    Any help will be appreciated. I need to convince the new network manager that this is better than having all domain controllers at secondary, then a separate subdomain at primary which users can select if the link goes down.

    Thanks,

  2. #2
    eean

    Also, NM wants to put a firewall between the sites? I'm not entirely sure why... I think it might be to stop viruses spreading between the sites or something. Is there logic in this? Or will we have to open up so many ports for the replication that it's not worth doing?

  3. #3

    mattx

    You can change settings in AD for replication over slow links etc.
    Check out:

    How to optimize Active Directory replication in a large network

    For some more info on it.

  4. #4

    mattx

    You have opened a whole new kettle of fish in regards to AD replicating between firewalls - happy reading!!

    Active Directory Replication over Firewalls

  5. Thanks to mattx from:

    eean (10th October 2008)

  6. #5

    SYNACK

    I would think that you would want a server at each end so that all of the authentication is local to the site. AD Sites and Services can be used to set up multiple sites and sort out replication. Replication can be quite bandwidth heavy if there are lots of changes and initially. The clients will request and respond to the closest controller, which could be specified in AD. Dividing up the subnets properly and firewalling will stop any authentication and unnecessary traffic from flowing over the slow link.

    AD is pretty reasonable when it comes to replication and working things out; it will attempt to converge the data fully at each replication interval, which I think is around 120 minutes. AD will start to complain if it cannot replicate for two to three days depending on configuration, which starts to cause issues.

    If the user changes a password while the link is down at the remote site, the local AD server will keep this change in its AD database and replicate it when it next can. If the user attempts to log on at the remote site they will have the new password, but if they drive to the old site before the change has replicated it will be the old one.

    In general it will take 5 - 10 minutes to replicate it if the link is up, but if you are dealing with file shares and stuff this interval will not matter as the authentication and Kerberos ticket are picked up from the local server and then used on the main network.

  7. Thanks to SYNACK from:

    eean (10th October 2008)

  8. #6

    powdarrmonkey

    To answer your broad questions: yes, it works, and it works well, and it sorts everything out. But it is no simple thing to set up, be prepared to spend probably a year on the transition. It's a very time-consuming process.

    Introducing a firewall is a whole other kettle of fish though.

  9. #7
    eean

    Originally posted by powdarrmonkey:
    "To answer your broad questions: yes, it works, and it works well, and it sorts everything out. But it is no simple thing to set up, be prepared to spend probably a year on the transition. It's a very time-consuming process.

    Introducing a firewall is a whole other kettle of fish though."

    Why is it so complicated? The Microsoft article seems to make it sound fairly simple! What sorts of problems occurred?

    Thanks.

  10. #8

    FN-GM

    Personally I would go on one domain. How much money (if any) would you have to spend for the connection between the schools?

    You could have a fibre connection between the schools and use the internet connection just at one school. All internet traffic will go down the fibre connection.

    Fibre is expensive but is faster and more reliable.

  11. #9
    Mcshammer_dj

    I would consider terminal services with the fibre option

  12. #10
    eean

    "Fibre is expensive but is faster and more reliable."

    I think we've got the fastest option we can get/afford... I'm in Malaysia, you kinda have to take what you can get!

  13. #11

    powdarrmonkey

    Originally posted by eean:
    "Why is it so complicated? The Microsoft article seems to make it sound fairly simple! What sorts of problems occurred?"

    It's not so much complicated as time-consuming, particularly if it doesn't work quite how you expected. All I'm saying is don't rush into it.

  14. #12
    eean

    What roles (e.g. Operations master etc...) need to be replicated on each site to ensure that if the link goes down both sites remain functional? Or does the Sites setting itself sort this out?
    What about DNS? Obviously needed on each site, but how do you set them up? Is one a backup to the main?

  15. #13

    FN-GM

    Originally posted by eean:
    "What roles (e.g. Operations master etc...) need to be replicated on each site to ensure that if the link goes down both sites remain functional? Or does the Sites setting itself sort this out?
    What about DNS? Obviously needed on each site, but how do you set them up? Is one a backup to the main?"

    If you make both DCs a global catalogue, if one DC goes down the network should run.

    As for DNS, have a DHCP server on each site and configure the DHCP so it points to your DNS that is on site as primary. If you only have one DNS server on each site, make the secondary the one on the other site. Do the ordering the opposite way round on the other site.

  16. Thanks to FN-GM from:

    eean (13th October 2008)
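
An added example (not posted by anyone in this thread) of the layout SYNACK and FN-GM describe: one AD site and subnet per school, a site link over the VPN, and DHCP handing out the on-site DNS server first with the other site's as fallback. All site names, host names, subnets, addresses and the replication interval are hypothetical; it assumes the ActiveDirectory and DhcpServer PowerShell modules (Windows Server 2012 or later), one DC per school already promoted, and DHCP scopes that already exist.

```powershell
# Added example: every name, subnet and address below is a hypothetical placeholder.
Import-Module ActiveDirectory
Import-Module DhcpServer

$schools = @(
    @{ Site = 'Secondary'; Subnet = '10.1.0.0/16'; ScopeId = '10.1.0.0'
       Dc = 'SEC-DC01'; Dns = '10.1.0.10'; Dhcp = 'SEC-DHCP01' },
    @{ Site = 'Primary';   Subnet = '10.2.0.0/16'; ScopeId = '10.2.0.0'
       Dc = 'PRI-DC01'; Dns = '10.2.0.10'; Dhcp = 'PRI-DHCP01' }
)

foreach ($s in $schools) {
    # One AD site per school; the subnet mapping is what lets clients
    # locate the domain controller in their own site.
    New-ADReplicationSite   -Name $s.Site
    New-ADReplicationSubnet -Name $s.Subnet -Site $s.Site

    # Place the school's DC in its site so authentication stays local.
    Move-ADDirectoryServer -Identity $s.Dc -Site $s.Site
}

# A single link over the VPN. Cost and interval are example values;
# a longer interval means less traffic on the link but slower convergence.
New-ADReplicationSiteLink -Name 'Secondary-Primary' `
    -SitesIncluded 'Secondary', 'Primary' `
    -Cost 100 `
    -ReplicationFrequencyInMinutes 120 `
    -InterSiteTransportProtocol IP

foreach ($s in $schools) {
    # On-site DNS first, the other school's DNS second (reversed per site).
    $otherDns = ($schools | Where-Object { $_.Site -ne $s.Site }).Dns
    Set-DhcpServerv4OptionValue -ComputerName $s.Dhcp -ScopeId $s.ScopeId `
        -DnsServer $s.Dns, $otherDns
}

# Checks: each subnet maps to the intended site, the link carries the
# intended schedule, and each site has a DC that is a global catalogue.
Get-ADReplicationSubnet   -Filter * | Select-Object Name, Site
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes, SitesIncluded
Get-ADDomainController    -Filter * | Select-Object Name, Site, IsGlobalCatalog
```

`Set-DhcpServerv4OptionValue` validates that the listed DNS servers respond unless `-Force` is given, so run the DHCP step while the inter-site link is up.
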

  17. #14
    eean

    Yikes! I've just discovered that our WAN link is a 1MB PTP VPN. Our new NM wanted to have all the domain controllers at the secondary site and for primary to authenticate over that!

  18. #15
    eean

    Originally posted by FN-GM:
    "As for DNS, have a DHCP server on each site and configure the DHCP so it points to your DNS that is on site as primary. If you only have one DNS server on each site, make the secondary the one on the other site. Do the ordering the opposite way round on the other site."

    Will the changes replicate to each other?
